Details of breach show weakness of Target and others

Print
Font Size:
Default font size
Larger font size

Posted: Saturday, February 8, 2014 12:00 am | Updated: 2:03 pm, Thu Jun 5, 2014.

NEW YORK (AP) — The hackers who stole millions of credit and debit card numbers from Target may have used a Pittsburgh-area heating and refrigeration business as the back door to get in.

Fazio Mechanical Services Inc., a contractor that does business with Target, said in a statement that it was the victim of a “sophisticated cyberattack operation,” just like Target. It said it is cooperating with the Secret Service and Target to figure out what happened.

The statement came days after Internet security bloggers identified the Sharpsburg, Pa., company as the third-party vendor through which hackers penetrated Target’s computer systems.

The new details about the Target breach illustrate just how vulnerable big corporations have become as they expand and connect computer networks to offer greater convenience and increase productivity.

“Companies really have to look at the risks associated with that,” said Ken Stasiak, CEO of SecureState, a Cleveland-based firm that investigates data breaches.

Stasiak added that industry regulations require companies to separate corporate operations such as contracts and billing from the financial information of consumers.

Target has said it believes hackers gained access to its vast computer network through one of its vendors. Once inside, the hackers moved through the network and installed malicious software in the company’s checkout system.

Experts believe the thieves gained access during the busy holiday season to about 40 million debit and credit card numbers and the personal information — including names, email addresses, phone numbers and home addresses — of as many as 70 million customers.

Secret Service spokesman Brian Leary confirmed that investigators are looking into the attack at Fazio Mechanical Services but wouldn’t give details. Molly Snyder, spokeswoman for Minneapolis-based Target, would not comment, citing the investigation.

Federal prosecutors in Pittsburgh referred calls to their counterparts in Minnesota, where Assistant U.S. Attorney Steve Schleicher would not discuss the investigation.

“Like Target, we are a victim of a sophisticated cyberattack operation,” Ross Fazio, the company’s president and owner, said in a statement.

Fazio Mechanical Services denied reports on blogs and other outlets that said the company remotely monitored heating, cooling and refrigeration for Target, which has about 1,800 stores nationwide. Ross Fazio said his company has an electronic connection with Target that it uses to submit bills and contract proposals.

© 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


loading...

SPOTLIGHT »

Inside Business
To submit an announcement for "Inside Business", click here. For questions call (402) 444-1371 or e-mail announcements@owh.com.

World-Herald Alerts

Want to get World-Herald stories sent directly to your home or work computer? Sign up for Omaha.com's News Alerts and you will receive e-mails with the day's top stories.